What is XSStrike?

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.

XSStrike 3.1.2 changelog:

Fixed POST data handling

Support for JSON POST data

Support for URL rewriting

Cleaner crawling dashboard

No more weird characters while scanning DOM

Better DOM XSS scanning

Handle unicode while writing to file

Handle connection reset

Added ability to add headers from command line

Fixed issue which caused foundParams to not be tested

Since the last version was released, a lot has changed in XSStrike 3.1.2. For example, a browser engine has been integrated to aim for zero false positives and signatures to detect different web application firewalls (WAFs) has been improved. This tool can detect more than 65 WAFs now! Support for blind XSS has also been added and improved.

Download XSStrike 3.1.2:

You start to use XSStrike 3.1.2 (XSStrike-3.1.2.zip/Xsstrike-3.1.2.tar.gz) by checking out the GIT repository and then installing the dependencies. Simply put follow this procedure:

Featured Post

Three days ago, an updated version – Sysdig Falco v0.15.0 – was released. It has been some time since I last blogged about this open source behavorial activity monitor which has container support. This release incorporates a lot of rule updates that are now also tagged the for MITRE ATT&CK Framework and patches CVE-2019-8339, a medium severity vulnerability.Read more about UPDATE: Sysdig Falco v0.15.0